mySeatXT 0.2134 SQL Injection

2014-01-24T00:00:00
ID PACKETSTORM:124930
Type packetstorm
Reporter vinicius777
Modified 2014-01-24T00:00:00

Description

########################################################################################  
[+] Exploit: mySeatXT 0.2134 #  
[+] Author: vinicius777 #  
[+] Contact: vinicius777 [AT] gmail @vinicius777_ #   
[+] Vendor Homepage: http://sourceforge.net/projects/myseat #  
########################################################################################  
  
  
[1] SQL Injection  
  
  
PoC: http://localhost/mySeatXT/web/ajax/autocomplete_res.php?term=99' ['SQL INJECT']  
  
  
  
Vulnerable Code:  
[+] autocomplete_res.php  
  
  
$sql = "SELECT * FROM reservations WHERE reservation_guest_name LIKE '".$_GET['term']."%' GROUP BY reservation_guest_name ";  
$fetch = mysql_query($sql);  
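
The same lookup rewritten with a prepared statement, as an added example that is not the advisory's or mySeatXT's code. It runs against an in-memory SQLite database through PDO (an assumed stand-in for the application's MySQL connection; the binding is the same with PDO's MySQL driver) and keeps the advisory's concatenated query beside it so the PoC input can be compared against both.

```php
<?php
// Added example: autocomplete query with a bound parameter instead of string
// concatenation. SQLite in memory is used only so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample table standing in for the application's reservations table.
$pdo->exec("CREATE TABLE reservations (id INTEGER PRIMARY KEY, reservation_guest_name TEXT)");
$insert = $pdo->prepare("INSERT INTO reservations (reservation_guest_name) VALUES (?)");
foreach (['Alice', 'Alicia', 'Bob', '99% cotton'] as $name) {
    $insert->execute([$name]);
}

// Vulnerable form from the advisory: the SQL text itself is built from the
// request parameter, so a quote in $term rewrites the statement.
function autocompleteVulnerable(PDO $pdo, string $term): array {
    $sql = "SELECT reservation_guest_name FROM reservations WHERE reservation_guest_name LIKE '"
         . $term . "%' GROUP BY reservation_guest_name";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened form: fixed SQL text, the term travels as a bound value. LIKE
// wildcards in the input are escaped (with '!' as the escape character, which
// works in both SQLite and MySQL) so "99%" matches that literal prefix only.
function autocompleteSafe(PDO $pdo, string $term): array {
    $escaped = addcslashes($term, '%_!');
    $stmt = $pdo->prepare("SELECT reservation_guest_name FROM reservations "
                        . "WHERE reservation_guest_name LIKE ? ESCAPE '!' "
                        . "GROUP BY reservation_guest_name");
    $stmt->execute([$escaped . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

print_r(autocompleteSafe($pdo, 'Ali'));   // Alice, Alicia
print_r(autocompleteSafe($pdo, '99%'));   // only "99% cotton": wildcard treated literally
print_r(autocompleteSafe($pdo, "99'"));   // empty result, no SQL error

// The advisory's PoC value against the concatenated query: the unbalanced
// quote breaks the statement, which is how the injection point is detected.
try {
    autocompleteVulnerable($pdo, "99'");
} catch (PDOException $e) {
    echo "vulnerable query rejected by the database: " . $e->getMessage() . "\n";
}
```

Logging the database error from the concatenated variant (rather than only the fixed one) is a cheap way to spot probing of this endpoint in application logs while the fix is rolled out.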
  
  
  
#  
#  
# Greetz to g0tm1lk and TheColonial.  
  